Assessing the Security of Your Application Development Shop

The application development group in any enterprise is critical to IT’s mission. At the same time, the security risks associated with software development are legendary. We continually see examples of successful attacks on production code by intruders who exploit known vulnerabilities, such as buffer overflows, use of nonsecure code libraries, directory traversal, untested paths in the code, and more. In addition, development shops often do not have security policies related to the development process and lack tools such as code analyzers to automate the process of discovering security vulnerabilities before code is deployed into production. Given these risks and the business risk related to software development, it is critical that auditors understand the issues in a development shop and assess the related business risk. Audit managers and audit staff involved with assessing audit risk associated with a software development shop and conducting an operational audit of that function will benefit from this course.

In this course, we will discuss:

How attackers exploit vulnerabilities due to software defects.

Why network defenses are no longer enough.

Salient differences between secure and nonsecure development methodologies.